@kchain-solutions

Description of change

This PR implements comprehensive key management integrations for the IOTA secret
storage system, including AWS KMS and HashiCorp Vault support with multiple
deployment modes.

Key Features

AWS KMS Integration:

 - AWS KMS adapter implementation with SECP256R1 keys
 - Support for AWS profiles, IAM roles, and standard credentials
 - Key lifecycle management (generation, signing, deletion, lookup)
 - Comprehensive examples and integration tests

Hashi Vault Integration:

 - Hashi Vault adapter implementation with SECP256R1 keys
 - Vault Transit Engine adapter for enterprise enclave key management
 - Standard authentication mode for direct Vault access
 - Vault Agent sidecar mode for Kubernetes deployments with automatic token injection
 - Key lifecycle management (generation, signing, deletion, lookup)
 - Comprehensive examples and integration tests

Testing Infrastructure:

 - hv-iota-e2e-test: Dockerized REST API application for testing the integration with IOTA twin infrastructure
 - End-to-end examples demonstrating complete workflows (key generation, faucet, transactions)
 - Docker Compose configurations for local development and testing

Documentation:

 - Comprehensive setup guides for AWS and Vault
 - Environment variable documentation
 - Vault Agent implementation guide for Kubernetes

Links to any relevant issues

Type of change

 - [X] Enhancement

How the change has been tested

All changes have been tested with:

 - AWS KMS Integration:
   - Local testing with real AWS KMS: AWS_PROFILE=developer AWS_REGION=eu-west-1 cargo run --package storage-factory --example iota_kms_demo
   - Profile and IAM role authentication
 - HashiCorp Vault Integration:
   - Local Vault server: docker-compose -f docker-compose.vault.yml up -d
   - Standard mode: VAULT_ADDR=http://localhost:8200 VAULT_TOKEN=dev-token cargo run --package storage-factory --example iota_vault_demo
   - Vault Agent sidecar mode on twin infrastructure. The container shared with twin is published at https://hub.docker.com/repository/docker/kchainsolutions/hv-iota-e2e-test/tags/1.1.0/sha256-87eda36865ddbc6ed723109319ee52da16349efe57fe0807dd2d3797b137cbfb

Change checklist

 - [ ] I have followed the contribution guidelines for this project
 - [X] I have performed a self-review of my own code
 - [X] I have commented my code, particularly in hard-to-understand areas
 - [X] I have made corresponding changes to the documentation
 - [X] I have added tests that prove my fix is effective or that my feature works
 - [X] I have checked that new and existing unit tests pass locally with my changes
 - [ ] I have updated the CHANGELOG.md, if my changes are significant enough
